On Tue, Jul 7, 2009 at 4:16 PM, Tom Lane<t...@sss.pgh.pa.us> wrote: > >> (I'm sure we can do something intelligent with privileges that don't >> apply to all object types rather than just fail. e.g. UPDATE privilege >> should be same as USAGE on a sequence.) > > Anything you do in that line will be an ugly kluge, and will tend to > encourage insecure over-granting of privileges (ie GRANT ALL ON ALL > OBJECTS ... what's the point of using permissions at all then?)
That seems a bit pessimistic. While I disagree with Simon's rule I think you can get plenty of mileage out of a more conservative rule of just granting the privilege to all objects for which that privilege is defined. Especially when you consider that we allow listing multiple privileges in a single command. -- greg http://mit.edu/~gsstark/resume.pdf -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
